I am pleased to announce this new version of SonarLint for Eclipse.
With this version, we add the possibility to investigate and fix taint vulnerabilities detected by SonarQube or SonarCloud directly in the IDE.
Taint vulnerabilities are security vulnerabilities where an attacker-controlled data is passed unsanitized from an input source to a sensitive sink.
Although taint vulnerabilities are not detected by SonarLint in the local code (they are only detected by SonarQube or SonarCloud), developers are now able, thanks to SonarLint, to review the whole injection flow in the IDE from the source to the sink.
As for other code quality and security issues, our rule documentation will help understand what is wrong, and how you can get it fixed.
All you need is to update SonarLint, and make sure your project is bound to SonarCloud or SonarQube (8.6 minimum version required).